A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security.

• France's VanityFair face a stiff fine over cookies.
• GrapheneOS pulls out of France over coercion worries.
• The EU adds to the pile-on over underage social media.
• India mandates the tracking of all smartphones.
• Apple says no.
• India abandons its smartphone tracking mandate.
• India requires all encrypted messaging to be SIM-tied.
• Scattered Lapsus$ Hunters --becomes--> SLH.
• AI demand has driven RAM pricing sky high.
• GRC's DNS Benchmark is finished and available.
• Cisco may talk a good game, but they're still Cisco.
• Browsers to ask users for local network access permission.
• React: The worst remote code exploit in a LONG time.

Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

• 1password.com/securitynow
• veeam.com
• bigid.com/securitynow
• zscaler.com/security
• hoxhunt.com/securitynow